The theme of the 2015 iCTF is “crowdsourcing evil” also known as "making bad".In order to participate to the iCTF, each team has to write a vulnerable service. The service must follow precise specifications (a document describing the service specs and an example of a service will follow). The service will then be put in the vulnerable image and will become part of the competition. Of course, the team who created the service will not be able to score against that service, but all the others are fair game.The service can be web-based or use a stdin/stdout-over-[x]inetd style.

One important question is: How difficult should the vulnerability in the service be?If the vulnerability is too easy (i.e., too many teams will be able to break into the service) your team will be penalized.If the vulnerability is too difficult (i.e., not enough teams will be able to break the service) your team will also be penalized.Of course, finding the right balance is difficult, and that’s why it’s a challenge!So, during the iCTF you can imagine that the services will be ordered by the number of teams that exploited the service.This order is then used as an index in a statistical distribution to determine service points.The service points are then composed with more traditional points (attack points, defense points, and SLA points) to copmute the final score.

Be the best at finding the right balance in vulnerability complexity and you will gain an edge over the other teams!

Note that some things are different this time around:

1) We will not run your exploits on your behalf, like we did the past few years

2) All interaction with the iCTF will be through a Python module. After you execute "pip install ictf" you will be able to register and provide your credentials/services/matadata through functions from the ictf module.

Note that the services are due on November 20th (of course, you need to register before that date as well).If you have not provided a service by then, you will NOT participate in the iCTF.

Also please consider the fact that your team's service will be shared with all the other teams.If your service is lame, you will be mocked forever.If your service is cool, you will be celebrate as the elite team you are.

Note that the competition is open only to teams from educational institutions. We will require a faculty POC who will be responsible for the ethical behavior of the team.

We will run a lot of your code during service installation, so please try to be nice and avoid trying to hack the platform ;-)

More details about service creation will follow. In the meanwhile, start thinking about the service you want to submit to enter the competition.